Package winappdbg :: Module system :: Class Thread

Class Thread


Interface to a thread in another process.

Nested Classes
  Registers
  Flags
    Commonly used processor flags
Instance Methods
__init__(self, dwThreadId, hThread=None, process=None)
  x.__init__(...) initializes x; see x.__class__.__doc__ for signature
__get_pid_by_scanning(self)
  Internally used by get_pid().

Inherited from object: __delattr__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __str__

    Properties
get_process(self) -> Process
  Returns: Parent Process object.
get_pid(self) -> int
  Returns: Parent process global ID.
get_tid(self) -> int
  Returns: Thread global ID.
get_name(self) -> str
  Returns: Thread name, or None if the thread is nameless.
set_name(self, name=None)
  Sets the thread's name.
is_alive(self) -> bool
  Returns: True if the thread is currently running.
get_exit_code(self) -> int
  Returns: Thread exit code, or STILL_ACTIVE if it's still alive.
get_teb(self) -> TEB
  Returns a copy of the TEB. (Inherited from winappdbg.system.ThreadDebugOperations)
    Instrumentation
wait(self, dwTimeout=None)
  Waits for the thread to finish executing.
kill(self, dwExitCode=0)
  Terminates the thread execution.
suspend(self) -> int
  Suspends the thread execution.
resume(self) -> int
  Resumes the thread execution.
    Registers
get_context(self, ContextFlags=65599) -> dict( str → int )
  Returns: Dictionary mapping register names to their values.
set_context(self, context)
  Sets the values of the registers.
get_pc(self) -> int
  Returns: Value of the program counter register.
set_pc(self, pc)
  Sets the value of the program counter register.
get_sp(self) -> int
  Returns: Value of the stack pointer register.
set_sp(self, sp)
  Sets the value of the stack pointer register.
get_fp(self) -> int
  Returns: Value of the frame pointer register.
set_fp(self, fp)
  Sets the value of the frame pointer register.
get_register(self, register) -> int
  Returns: Value of the requested register.
set_register(self, register, value) -> int
  Sets the value of a specific register.
get_flags(self, FlagMask=4294967295) -> int
  Returns: Flags register contents, optionally masking out some bits.
set_flags(self, eflags, FlagMask=4294967295)
  Sets the flags register, optionally masking some bits.
get_flag_value(self, FlagBit) -> bool
  Returns: Boolean value of the requested flag.
set_flag_value(self, FlagBit, FlagValue)
  Sets a single flag, leaving the others intact.
get_zf(self) -> bool
  Returns: Boolean value of the Zero flag.
get_cf(self) -> bool
  Returns: Boolean value of the Carry flag.
get_sf(self) -> bool
  Returns: Boolean value of the Sign flag.
get_df(self) -> bool
  Returns: Boolean value of the Direction flag.
get_tf(self) -> bool
  Returns: Boolean value of the Trap flag.
clear_zf(self)
  Clears the Zero flag.
clear_cf(self)
  Clears the Carry flag.
clear_sf(self)
  Clears the Sign flag.
clear_df(self)
  Clears the Direction flag.
clear_tf(self)
  Clears the Trap flag.
set_zf(self)
  Sets the Zero flag.
set_cf(self)
  Sets the Carry flag.
set_sf(self)
  Sets the Sign flag.
set_df(self)
  Sets the Direction flag.
set_tf(self)
  Sets the Trap flag.
    Handle
open_handle(self, dwDesiredAccess=2035711)
  Opens a new handle to the thread.
close_handle(self)
  Closes the handle to the thread.
get_handle(self) -> ThreadHandle
  Returns: Handle to the thread.
    Disassembly
disassemble(self, lpAddress, dwSize) -> list of tuple( long, int, str, str )
  Disassemble instructions from the address space of the process. (Inherited from winappdbg.system.ThreadDebugOperations)
disassemble_around(self, lpAddress, dwSize=64) -> list of tuple( long, int, str, str )
  Disassemble around the given address. (Inherited from winappdbg.system.ThreadDebugOperations)
disassemble_around_pc(self, dwSize=64) -> list of tuple( long, int, str, str )
  Disassemble around the program counter of the given thread. (Inherited from winappdbg.system.ThreadDebugOperations)
    Stack
get_stack_frame(self, max_size=None) -> str
  Reads the contents of the current stack frame. (Inherited from winappdbg.system.ThreadDebugOperations)
get_stack_frame_range(self) -> tuple( int, int )
  Returns the starting and ending addresses of the stack frame. (Inherited from winappdbg.system.ThreadDebugOperations)
get_stack_range(self) -> tuple( int, int )
  Returns: Stack base pointer and stack limit pointer. (Inherited from winappdbg.system.ThreadDebugOperations)
get_stack_trace(self, depth=16) -> tuple of tuple( int, int, str )
  Tries to get a stack trace for the current function. (Inherited from winappdbg.system.ThreadDebugOperations)
get_stack_trace_with_labels(self, depth=16) -> tuple of tuple( int, int, str )
  Tries to get a stack trace for the current function. (Inherited from winappdbg.system.ThreadDebugOperations)
peek_stack_data(self, size=128, offset=0) -> str
  Tries to read the contents of the top of the stack. (Inherited from winappdbg.system.ThreadDebugOperations)
peek_stack_dwords(self, count, offset=0) -> tuple( int... )
  Tries to read DWORDs from the top of the stack. (Inherited from winappdbg.system.ThreadDebugOperations)
read_stack_data(self, size=128, offset=0) -> str
  Reads the contents of the top of the stack. (Inherited from winappdbg.system.ThreadDebugOperations)
read_stack_dwords(self, count, offset=0) -> tuple( int... )
  Reads DWORDs from the top of the stack. (Inherited from winappdbg.system.ThreadDebugOperations)
    Miscellaneous
peek_code_bytes(self, size=128, offset=0) -> str
  Tries to read some bytes of the code currently being executed. (Inherited from winappdbg.system.ThreadDebugOperations)
peek_pointers_in_data(self, data, peekSize=16, peekStep=1) -> dict( str → str )
  Tries to guess which values in the given data are valid pointers, and reads some data from them. (Inherited from winappdbg.system.ThreadDebugOperations)
peek_pointers_in_registers(self, peekSize=16) -> dict( str → str )
  Tries to guess which values in the registers are valid pointers, and reads some data from them. (Inherited from winappdbg.system.ThreadDebugOperations)
read_code_bytes(self, size=128, offset=0) -> str
  Tries to read some bytes of the code currently being executed. (Inherited from winappdbg.system.ThreadDebugOperations)
Static Methods
    Disassembly
disassemble_string(lpAddress, code) -> list of tuple( long, int, str, str )
  Disassemble instructions from a block of binary code. (Inherited from winappdbg.system.ThreadDebugOperations)
Instance Variables
dwThreadId : int
  Global thread ID.
hThread : ThreadHandle
  Handle to the thread.
pInjectedMemory : int
  If the thread was created by Process.inject_code, this member contains a pointer to the memory buffer for the injected code.
process : Process
  Parent process object.
Properties

Inherited from object: __class__

Method Details

__init__(self, dwThreadId, hThread=None, process=None)
(Constructor)

x.__init__(...) initializes x; see x.__class__.__doc__ for signature

Parameters:
  • dwThreadId (int) - Global thread ID.
  • hThread (ThreadHandle) - (Optional) Handle to the thread.
  • process (Process) - (Optional) Parent Process object.
Overrides: object.__init__

get_process(self)

Returns: Process
Parent Process object.

get_pid(self)

Returns: int
Parent process global ID.
Raises:
  • WindowsError - An error occurred when calling a Win32 API function.
  • RuntimeError - The parent process ID can't be found.

get_tid(self)

Returns: int
Thread global ID.

get_name(self)

Returns: str
Thread name, or None if the thread is nameless.

set_name(self, name=None)

Sets the thread's name.

Parameters:
  • name (str) - Thread name, or None if the thread is nameless.

get_handle(self)

Returns: ThreadHandle
Handle to the thread.
wait(self, dwTimeout=None)

Waits for the thread to finish executing.

Parameters:
  • dwTimeout (int) - (Optional) Timeout value in milliseconds. Use INFINITE or None for no timeout.

kill(self, dwExitCode=0)

Terminates the thread execution.

Parameters:
  • dwExitCode (int) - (Optional) Thread exit code.

Note: If the pInjectedMemory member contains a valid pointer, the memory is freed.

suspend(self)

Suspends the thread execution.

Returns: int
Suspend count. If zero, the thread is running.

resume(self)

Resumes the thread execution.

Returns: int
Suspend count. If zero, the thread is running.

is_alive(self)

Returns: bool
True if the thread is currently running.

get_exit_code(self)

Returns: int
Thread exit code, or STILL_ACTIVE if it's still alive.
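
The suspend count semantics above (suspend() and resume() each return the new count, and the thread only runs when it reaches zero) mean every suspend() must be matched by exactly one resume(), even if the inspection between them raises. The following is an added example, not code from the winappdbg project: a context manager that enforces that pairing around the documented Thread API, plus a constructed FakeThread stand-in (not a real winappdbg.system.Thread) so the example runs offline. The helper names suspended and snapshot_registers are hypothetical.

```python
from contextlib import contextmanager


@contextmanager
def suspended(thread):
    """Suspend `thread` for the duration of the block and always resume it.

    Yields the suspend count returned by suspend(). A value greater than 1
    means another caller also holds the thread suspended, so it will still
    not run after our own resume().
    """
    count = thread.suspend()
    try:
        yield count
    finally:
        # Runs on normal exit and on exception alike, so the count is
        # unwound by exactly one step and the thread is never left frozen.
        thread.resume()


def snapshot_registers(thread):
    """Read pc/sp/fp while the thread is guaranteed not to be running.

    Reading registers of a running thread gives values that may not belong
    to the same instant; suspending first makes the three consistent.
    """
    with suspended(thread):
        return {
            "pc": thread.get_pc(),
            "sp": thread.get_sp(),
            "fp": thread.get_fp(),
        }


class FakeThread:
    """Constructed stand-in for winappdbg.system.Thread used to run this
    example offline. It models only the suspend count (returned as the new
    count, as the documentation describes) and three registers."""

    def __init__(self, pc=0, sp=0, fp=0):
        self._count = 0
        self._regs = {"pc": pc, "sp": sp, "fp": fp}

    def suspend(self):
        self._count += 1
        return self._count

    def resume(self):
        if self._count > 0:
            self._count -= 1
        return self._count

    def suspend_count(self):
        return self._count

    def get_pc(self):
        return self._regs["pc"]

    def get_sp(self):
        return self._regs["sp"]

    def get_fp(self):
        return self._regs["fp"]


def demo():
    # Constructed register values, not taken from a real process.
    t = FakeThread(pc=0x401000, sp=0x19FF70, fp=0x19FF80)
    regs = snapshot_registers(t)          # count goes 0 -> 1 -> 0
    # Nested suspension: the count climbs and must be unwound fully.
    with suspended(t) as outer:           # outer == 1
        with suspended(t) as inner:       # inner == 2
            pass
    # An exception inside the block still resumes the thread.
    try:
        with suspended(t):
            raise RuntimeError("simulated failure while inspecting")
    except RuntimeError:
        pass
    return regs, outer, inner, t.suspend_count()


if __name__ == "__main__":
    print(demo())
```

With a real winappdbg Thread the same suspended() helper applies unchanged; the only difference is that the count comes from the kernel rather than from the fake.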

get_context(self, ContextFlags=65599)

Returns: dict( str → int )
Dictionary mapping register names to their values.

See Also: set_context

set_context(self, context)

Sets the values of the registers.

Parameters:
  • context (dict( str → int )) - Dictionary mapping register names to their values.

See Also: get_context

get_pc(self)

Returns: int
Value of the program counter register.

set_pc(self, pc)

Sets the value of the program counter register.

Parameters:
  • pc (int) - Value of the program counter register.

get_sp(self)

Returns: int
Value of the stack pointer register.

set_sp(self, sp)

Sets the value of the stack pointer register.

Parameters:
  • sp (int) - Value of the stack pointer register.

get_fp(self)

Returns: int
Value of the frame pointer register.

set_fp(self, fp)

Sets the value of the frame pointer register.

Parameters:
  • fp (int) - Value of the frame pointer register.

get_register(self, register)

Parameters:
  • register (str) - Register name.
Returns: int
Value of the requested register.

set_register(self, register, value)

Sets the value of a specific register.

Parameters:
  • register (str) - Register name.
Returns: int
Register value.

get_flags(self, FlagMask=4294967295)

Parameters:
  • FlagMask (int) - (Optional) Bitwise-AND mask.
Returns: int
Flags register contents, optionally masking out some bits.

set_flags(self, eflags, FlagMask=4294967295)

Sets the flags register, optionally masking some bits.

Parameters:
  • eflags (int) - Flags register contents.
  • FlagMask (int) - (Optional) Bitwise-AND mask.

get_flag_value(self, FlagBit)

Parameters:
  • FlagBit (int) - One of the Flags.
Returns: bool
Boolean value of the requested flag.

set_flag_value(self, FlagBit, FlagValue)

Sets a single flag, leaving the others intact.

Parameters:
  • FlagBit (int) - One of the Flags.
  • FlagValue (bool) - Boolean value of the flag.

get_zf(self)

Returns: bool
Boolean value of the Zero flag.

get_cf(self)

Returns: bool
Boolean value of the Carry flag.

get_sf(self)

Returns: bool
Boolean value of the Sign flag.

get_df(self)

Returns: bool
Boolean value of the Direction flag.

get_tf(self)

Returns: bool
Boolean value of the Trap flag.
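
The flags methods above are thin layers over get_context()/set_context(): get_flags(FlagMask) is a bitwise AND against the flags register, set_flags(eflags, FlagMask) writes only the bits selected by the mask, and the per-flag getters, setters and clearers are those two calls with a single-bit mask. The masking is what keeps a write to, say, the Trap flag (which a debugger sets to single-step one instruction) from clobbering unrelated bits such as the interrupt flag or reserved bits. The following is an added example, not winappdbg's own code: a constructed offline model (FlagsModel) of that layering on top of a register dictionary shaped like the one get_context() documents. The "EFlags" dictionary key is an assumption about winappdbg's context dictionary; the bit positions are the architectural x86 EFLAGS constants.

```python
# x86 EFLAGS bit positions (architectural constants). winappdbg exposes
# equivalents through the Thread.Flags nested class; values here are
# written out so the example runs without winappdbg installed.
CF = 1 << 0    # Carry
ZF = 1 << 6    # Zero
SF = 1 << 7    # Sign
TF = 1 << 8    # Trap (single-step after the next instruction)
DF = 1 << 10   # Direction
ALL = 0xFFFFFFFF


class FlagsModel:
    """Constructed stand-in for the flags portion of winappdbg.system.Thread.

    Holds a dict like the one get_context() returns ("EFlags" key assumed)
    and derives every flag operation from get_flags()/set_flags().
    """

    def __init__(self, context):
        self._context = dict(context)

    def get_context(self):
        return dict(self._context)

    def set_context(self, context):
        self._context.update(context)

    def get_flags(self, FlagMask=ALL):
        # Bitwise-AND mask: only the requested bits survive.
        return self.get_context()["EFlags"] & FlagMask

    def set_flags(self, eflags, FlagMask=ALL):
        # Bits outside the mask keep their current value; bits inside it
        # come from `eflags`. This is what keeps a single-flag write from
        # touching IF or reserved bits.
        current = self.get_context()["EFlags"]
        new = (current & ~FlagMask) | (eflags & FlagMask)
        self.set_context({"EFlags": new & ALL})

    def get_flag_value(self, FlagBit):
        return bool(self.get_flags(FlagBit))

    def set_flag_value(self, FlagBit, FlagValue):
        self.set_flags(FlagBit if FlagValue else 0, FlagBit)

    # The named helpers the class documents are one-liners over the above.
    def get_zf(self): return self.get_flag_value(ZF)
    def get_tf(self): return self.get_flag_value(TF)
    def set_tf(self): self.set_flag_value(TF, True)
    def clear_tf(self): self.set_flag_value(TF, False)
    def clear_zf(self): self.set_flag_value(ZF, False)


def demo():
    # Constructed register values: 0x246 has reserved bit 1, PF, ZF and IF set.
    t = FlagsModel({"Eip": 0x401000, "EFlags": 0x246})
    t.set_tf()                       # arm single-step: 0x246 | 0x100
    after_tf = t.get_flags()         # 0x346
    t.clear_zf()                     # only bit 6 changes
    after_zf = t.get_flags()         # 0x306
    masked = t.get_flags(ZF | CF)    # just those two bits -> 0
    t.set_flags(ALL, SF)             # mask limits the write to SF
    after_sf = t.get_flags()         # 0x386; IF and reserved bit untouched
    return after_tf, after_zf, masked, after_sf, t.get_tf(), t.get_context()["Eip"]


if __name__ == "__main__":
    print(tuple(hex(v) if isinstance(v, int) and not isinstance(v, bool) else v
                for v in demo()))
```

Note how set_flags(ALL, SF) would have set every bit in the register without the mask; with it, only the Sign flag changes and the program counter in the same context dictionary is never touched.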

Instance Variable Details

dwThreadId

Global thread ID. Use get_tid instead.
Type:
int

hThread

Handle to the thread. Use get_handle instead.
Type:
ThreadHandle

pInjectedMemory

If the thread was created by Process.inject_code, this member contains a pointer to the memory buffer for the injected code. Otherwise it's None.

The kill method uses this member to free the buffer when the injected thread is killed.

Type:
int

process

Parent process object. Use get_process instead.
Type:
Process